This is turning into big news!
[quote]
The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008.
Although Microsoft released a patch, it has gone on to infect 3.5m machines.
Experts warn this figure could be far higher and say users should have up-to-date anti-virus software and install Microsoft's MS08-067 patch.
[/quote]
Microsoft classifies it as a critical security update, but then the highest number of infected IPs come from countries where piracy is huge and people don't (and can't) apply the updates to Windows because of WGA validation. Although this particular patch is available for download without validation from their website, many people don't know about its availability because they don't use Windows' built-in update software. The worm infects XP, Vista, Server and Windows 7 as well.
[quote]
They do this by trying to connect to various Web addresses. And if the worm finds an active Web server at one of these domains, it will download and run a particular executable — thus giving the malware gang a free hand to do whatever they want with all of the infected machines.
They could build a large botnet for example. The framework is in place.
[/quote]
F-Secure did some tracking of the worm and tried to count the number of IPs connecting to their servers; you can read about what they did in their blog post. China (38,277), Brazil, Russia and India top the list of highest number of infected IPs. Pakistan is 27th with 1,655 detected.
Their tracking method is smart, but not very thorough obviously. They've detected only the number of machines that connect to the random domains they own - because the domains are random, there are undoubtedly many more computers that don't even connect to F-Secure's domains. They made a post later to explain how they're estimating the total number of Downadup infections. The estimated total at last count was over 8.9 million computers.
The best thing to do would be to patch Windows! You can download the patch from Microsoft's Download Center - select your OS version from the list of Affected Software at the Security Bulletin (MS08-067, KB958644) if the update hasn't already been installed on your machine.
F-Secure also has a list of thousand domain names that will be used by Conficker from Jan 17th to 31st. You can blacklist those domains, so even if you are infected, the worm will not be able to connect to the malicious domains.
This could turn into a huge botnet, and if F-Secure's numbers are right, "it would make for one big badass botnet," to put it in their own words. Patch, be careful of what you download, sterilise your USB disks and most importantly, try and spread the word around so everyone can get patched as soon as possible.
Three million hit by Windows worm, BBC News
How big is Downadup, F-Secure
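One way to apply the domain blacklist suggested above, as an added example that is not part of the original post or F-Secure's tooling: it cleans a published domain list, merges it into hosts-file content without duplicating entries, and goes one step further by flagging clients in a DNS log that looked up a listed domain. The domain names, the log format and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list: placeholder names under the reserved .example TLD.
SAMPLE_LIST = """# constructed sample
aaaaexample.example
BBBBexample.example.
not a domain
aaaaexample.example
cccc-example.example  # trailing comment
"""
# Constructed DNS log lines, assumed format: "time client_ip query_name".
SAMPLE_DNS_LOG = [
    "2009-01-17T09:00:01 192.0.2.10 www.example.org",
    "2009-01-17T09:00:05 192.0.2.23 AAAAexample.example.",
    "2009-01-17T09:02:00 192.0.2.41 bbbbexample.example",
]
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN = re.compile(rf"^(?:{_LABEL}\.)+[a-z]{{2,63}}$")

def parse_domains(text):
    """Return valid, de-duplicated, lower-cased domains in list order."""
    seen, out = set(), []
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().rstrip(".").lower()
        if name and _DOMAIN.match(name) and name not in seen:
            seen.add(name)
            out.append(name)
    return out

def merge_into_hosts(hosts_text, domains, sink="0.0.0.0"):
    """Append sinkhole entries for domains the hosts content does not map yet.
    On Windows the file is %SystemRoot%\\System32\\drivers\\etc\\hosts."""
    present = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        present.update(f.lower() for f in fields[1:])  # fields[0] is the address
    new = [f"{sink} {d}" for d in domains if d not in present]
    if not new:
        return hosts_text  # idempotent: nothing to add on a second run
    sep = "" if hosts_text.endswith("\n") or not hosts_text else "\n"
    return hosts_text + sep + "\n".join(new) + "\n"

def infected_clients(dns_log_lines, domains):
    """Return sorted client IPs that looked up a listed domain."""
    blocked, hits = set(domains), set()
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) >= 3 and parts[2].rstrip(".").lower() in blocked:
            hits.add(parts[1])
    return sorted(hits)
```

A client that keeps resolving listed names after the blacklist is in place is a candidate for patching and cleanup.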